PCI COMPLIANCE

 

What is PCI Compliance?

Often overlooked by many merchants, PCI (Payment Card Industry) compliance is an extremely important aspect of your business. The focus of PCI compliance is data security: preventing credit card numbers from being stolen from point-of-sale systems, waste disposal and any other possible method by which cardholder information could be compromised.

 

As cases of consumer fraud, identity theft and security breaches continue to make the news, adherence to the Payment Card Industry’s Data Security Standards (PCI DSS) is progressing toward ensuring security for cardholder data. And, while many merchants work to meet mandated certification and validation of their systems, the technological and financial risks of non-compliance continue to burden businesses of all sizes.

 

The fallout of non-compliance has a domino effect on your business, as the financial implications of a breach can destroy merchants of any size. You can mitigate risk by maintaining compliance and providing verification and certification as required by the industry.

 

By following the standardized PCI DSS procedures, you can:
Protect your customers’ personal data
Boost customer confidence through a higher level of data security
Insulate your organization from financial losses and remediation costs
Maintain customer trust, and safeguard the reputation of your brand

Take stock

 

A framework for safeguarding sensitive data for all credit card brands, PCI applies to all acceptance environments, including retail (face-to-face), mail- or telephone-order, and e-commerce. Businesses of all types and sizes are impacted, so now is the time to understand what you can do to obtain PCI compliance.

 

The questions below can help you analyze your compliance needs. The first three questions cover essential components of a PCI-compliant environment which, when not up-to-date, account for the greatest opportunity for compromise.

 

Is virus protection up-to-date and provided by a reputable company?
Are the latest software revisions, such as security patches, in place for the operating system?
Is adequate firewall protection installed and up-to-date?
What vendor provides your point-of-sale payment software?
Has software been created internally? Does the payment application store card numbers, track data, or PIN data?
How many people in your organization have access to cardholder data?
Are passwords changed frequently, and do they differ from default passwords?
Are back office procedures compliant? These include procedures such as storing paper reports under lock and key and limiting personnel access.
Where is sensitive data stored? How many people can access it?
Are mobile computing devices, such as laptops, PDAs, and those with wireless access, also PCI compliant?

 

We can’t emphasize the urgency of this matter strongly enough: not being PCI compliant is an issue that could be critical to the ongoing existence of your business. If you are not in compliance, or do not know whether you are, please contact us and we will work with you to make sure you are.

 

Please contact our support staff at 866.359.0770. We can answer any questions you might have.